YubiKey

People who wish to use a physical hardware token for 2-Step verification should pick up a Simple Hardware Token free of charge.  For most users, if you don't have a smartphone or landline available, a Simple Hardware Token is sufficient.

YubiKeys

CalNet recommends YubiKey 5 Series Security Keys as they have HOTP, U2F, and FIDO2/Webauthn capabilities. YubiKey 4 Series Security Keys will also work for U2F and HOTP.

YubiKeys as U2F Tokens

Advanced users may wish to enroll a YubiKey as an U2F token.  These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys, for example, their ability to function using USB-provided power without needing an internal battery.

YubiKeys as a U2F Token can be used with most current web browsers running on desktop operating systems.  Please verify your web browser before proceeding. 

U2F tokens can be set up through the self serve portal. See:   YubiKey U2F Token

YubiKeys as HOTP Tokens

Advanced users may wish to enroll a YubiKey as an HOTP device.  These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys, for example, their ability to function using USB-provided power without needing an internal battery.

YubiKeys as HOTP Tokens can be used anywhere a Duo passcode is accepted; this includes all web browsers as well as non-web integrations in the future.  In order to use a YubiKey as an HOTP Token, it must first be programmed.  This is a complicated procedure.  

If you want to use your YubiKey as an HOTP token, email calnet-admin@berkeley.edu

For a more in-depth discussion of YubiKeys, see Duo Authentication Methods  and Yubico OTP vs. U2F